Full Version: really need some help
rickyman
Hi there, Bleeping Computer community. First of all, I'm asking you guys for help because I really need it. I didn't want to bother you all, so I started trying to solve this "search for" virus problem just by following the steps you gave to all the other members, and it actually worked, but only for a while. I manage to remove all the ad problems and everything goes back to normal, but once I shut down my PC and turn it on again, the virus is back again. By the way, I have Win 98. I already downloaded HijackThis, took it out of the temporary folder and made a new one for it. I also have the shredder program and Spy Sweeper. They all detect the problems and remove them, but in some mysterious way they come back!!! It's like the Twilight Zone or something. By the way, some of the things that I find are:

ROMAHERE3 and CONTROL HANDLER. Here's my last scan result (HijackThis). By the way, sorry for my English, I need to work on it.
Logfile of HijackThis v1.98.2
Scan saved at 04:54:55 p.m., on 22/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\ARCHIVOS DE PROGRAMA\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\ARCHIVOS DE PROGRAMA\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\ARCHIVOS DE PROGRAMA\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\FVH0V4T26RIBT.EXE
C:\ARCHIVOS DE PROGRAMA\PALM\HOTSYNC.EXE
C:\ARCHIVOS DE PROGRAMA\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\LOGITECH\IMAGESTUDIO\LOWLIGHT.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\8NHOF45YD0THD.EXE
C:\WINDOWS\SYSTEM\OTXSID2UKXG.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVW32.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\ARCHIVOS DE PROGRAMA\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\I15YC4~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\ES-LA\MSNTB.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Archivos de programa\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Archivos de programa\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\8NHOF45YD0THD.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Archivos de programa\Archivos comunes\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [LDM] C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\OTXSID2UKXG.EXE
O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
O4 - Startup: Encoder Agent.lnk = C:\Archivos de programa\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sv.ccglobal.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 168.243.227.194,205.235.28.17
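
Both names the poster mentions appear in the log above as O4 entries, the HijackThis section for programs set to start with Windows, and both targets are also in the running-process list. As an added example (not part of the original thread), this Python script parses the O4 lines of a HijackThis log and checks each target against the "Running processes" section; the sample is a subset of lines copied from the post, and the function and variable names are assumptions of this example.

```python
import ntpath
import re
from collections import namedtuple

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\8NHOF45YD0THD.EXE
C:\WINDOWS\SYSTEM\OTXSID2UKXG.EXE
C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\8NHOF45YD0THD.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIVOS DE PROGRAMA\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\OTXSID2UKXG.EXE
O4 - Startup: HotSync Manager.lnk = C:\Archivos de programa\Palm\HOTSYNC.EXE
"""

Autostart = namedtuple("Autostart", "location name target running")
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
EXE = re.compile(r'"?(.+?\.(?:exe|com|bat))(?:"|\s|$)', re.I)

def target_of(command):  # strip quotes and arguments, keep the program path
    m = EXE.match(command)
    return m.group(1) if m else command

def parse_autostarts(text):
    """Return every O4 entry, marked with whether its target is running."""
    running, found, in_procs = set(), [], False
    for line in map(str.strip, text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            in_procs = bool(line)  # a blank line ends the section
            if line:
                running.add(line.upper())
        elif m := O4_REG.match(line):
            found.append((m[1] + "\\" + m[2], m[3], target_of(m[4])))
        elif m := O4_LNK.match(line):
            found.append((m[1], m[2], target_of(m[3])))
    names = {ntpath.basename(p) for p in running}
    def is_running(t):  # Win9x paths are case-insensitive; bare names match by file name
        return t.upper() in (running if ntpath.dirname(t) else names)
    return [Autostart(l, n, t, is_running(t)) for l, n, t in found]

if __name__ == "__main__":
    print(*parse_autostarts(SAMPLE_LOG), sep="\n")
```
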
tg1911
Try running your scans with System Restore turned off.

Win 98 ___ Enabled by default. To disable:
MY COMPUTER / PROPERTIES / PERFORMANCE tab / FILE SYSTEM
TROUBLE SHOOTING tab / check DISABLE SYSTEM RESTORE / OK / OK / YES when prompted to reboot.

You should post your log in the HJT forum here. Do not fix anything yet.
A member of the HJT Team will help you out.
Please be patient; these people are volunteers. They will help you out as soon as possible.
ms-fixit
It doesn't say here if you have tried to reboot off of an anti-virus rescue diskette and run a virus scan from there.

With Norton AntiVirus you would create an 8-diskette set of virus rescue emergency diskettes. Update the virus definitions first. When you are done creating the diskettes, make sure you slide/flip the little tab on the diskette to make the diskettes read-only! This is a MUST for these diskettes. Then reboot off those diskettes and run the virus scan from them. They often catch viruses that can't be detected from within Windows programs.

Every anti-virus program has some sort of utility for creating these rescue/emergency fix type of diskettes.

If your computer is unavailable, make the diskettes on another computer, BUT use ONLY the virus scan part of the diskettes, NOT the drive image restore or Master Boot Record restore or file system file allocation table (FAT) restore options. Those options on the diskettes are specific to the computer the diskettes were made on, and would only mess yours up more.

Good Luck!